Three popular VPN services have been found to leak private user information, which if exploited could be used to identify users.
The report, published Tuesday, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users.
But the research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location.
In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services.
http://www.zdnet.com/article/more-privacy-busting-bugs-found-in-popular-vpn-services/
-- submitted from IRC
(Score: 3, Informative) by NotSanguine on Saturday March 17 2018, @12:54AM
The report referenced by TFA [vpnmentor.com] includes details on the vulneabilities as well as CVE IDs (CVE-2018-7880, CVE-2018-7878, CVE-2018-7879 although MTIRE hasn't filled in any details yet).
The issues appear to be implementation related problems (poorly written PAC [wikipedia.org] scripts), rather than vulnerabilities in software or hardware.
No, no, you're not thinking; you're just being logical. --Niels Bohr